annotate libervia/web/pages/forums/list/page_meta.py @ 1598:86c7a3a625d5

server: always start a new session on connection: The session was kept when a user connected from the service profile (but not from other profiles), which led to a session fixation vulnerability (an attacker on the same machine could get the service profile session cookie, and use it when a victim logged in). This patch fixes it by always starting a new session on connection. fix 443
author Goffi <goffi@goffi.org>
date Fri, 23 Feb 2024 13:35:24 +0100
parents eb00d593801d
children
#!/usr/bin/env python3

# Standard library.
import json

# Project modules, kept in their original relative order.
from libervia.web.server.constants import Const as C
from libervia.backend.core.log import getLogger
from libervia.backend.core.i18n import _
from libervia.backend.tools.common import uri as xmpp_uri

log = getLogger(__name__)

# NOTE: this string comes after the imports, so it is a plain expression
# statement and not the module docstring.
"""forum handling pages"""

# Page declaration read by the page loader.
name = "forums"
# The page is declared public. prepare_render below falls back to
# C.SERVICE_PROFILE when the request carries no profile, so the backend call
# is then made under the service profile.
access = C.PAGES_ACCESS_PUBLIC
template = "forum/overview.html"
def parse_url(self, request):
    """Declare the path arguments accepted by the forums overview page.

    Delegates to ``self.get_path_args`` with the ordered argument names
    ``service``, ``node`` and ``forum_key``. The keyword values are forwarded
    unchanged; what ``"@jid"`` and ``"@"`` mean is decided by
    ``get_path_args`` (presumably parsing directives, confirm there).

    NOTE(review): these values appear to come from the request path of a page
    declared public, so later code should treat them as caller-controlled.
    """
    path_arg_names = ["service", "node", "forum_key"]
    arg_specs = {"service": "@jid", "node": "@", "forum_key": ""}
    self.get_path_args(request, path_arg_names, **arg_specs)
def add_breadcrumb(self, request, breadcrumbs):
    """Deliberately add no breadcrumb for the forums overview.

    As long as there is no forum discovery, this page is the landing page for
    forums activity, so no breadcrumb entry is wanted here. ``breadcrumbs`` is
    left untouched.
    """
    return None
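def get_links(self, forums):
    """Add an ``http_url`` entry to each forum that has a usable ``uri``.

    The forum dicts are modified in place and ``sub-forums`` lists are
    processed recursively. Entries without a ``uri`` key are left untouched.

    The list is decoded from the answer to the ``forums_get`` bridge call made
    in ``prepare_render``, so its content is not controlled by this page. An
    entry whose URI cannot be parsed, or which lacks a path or a node, is
    logged and left without a link instead of aborting the whole render.

    @param forums: list of forum dicts, each optionally holding ``uri`` and
        ``sub-forums`` keys
    """
    for forum in forums:
        if "uri" in forum:
            raw_uri = forum["uri"]
            try:
                parsed = xmpp_uri.parse_xmpp_uri(raw_uri)
                service = parsed["path"]
                node = parsed["node"]
            except (KeyError, ValueError) as e:
                # KeyError: the parsed URI has no "path" or "node" entry.
                # ValueError: expected from parse_xmpp_uri for a URI it
                # rejects (confirm against the helper).
                # The values are logged with repr() so that control
                # characters in remote data cannot forge log lines.
                log.warning(
                    _("Ignoring unusable forum URI {uri!r}: {msg!r}").format(
                        uri=raw_uri, msg=e
                    )
                )
            else:
                forum["http_url"] = self.get_page_by_name("forum_topics").get_url(
                    service, node
                )
        # Sub-forums are walked whether or not the parent got a link.
        if "sub-forums" in forum:
            get_links(self, forum["sub-forums"])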
async def prepare_render(self, request):
    """Fetch the forums list and expose it to the template as ``forums``.

    The ``service``, ``node`` and ``forum_key`` values are read from the
    request data and forwarded to the ``forums_get`` bridge call. Any failure
    of that call is logged as a warning and an empty list is used instead.
    The JSON decoding happens outside the ``try`` block, so a decoding error
    propagates to the caller.
    """
    r_data = self.get_r_data(request)
    template_data = request.template_data
    service = r_data["service"]
    node = r_data["node"]
    key = r_data["forum_key"]
    # When the request carries no profile, the backend call is made under the
    # service profile.
    profile = self.get_profile(request) or C.SERVICE_PROFILE

    try:
        forums_raw = await self.host.bridge_call(
            "forums_get",
            service.full() if service else "",
            node,
            key,
            profile,
        )
    except Exception as e:
        # Deliberate best effort: the page still renders, with no forum.
        log.warning(_("Can't retrieve forums: {msg}").format(msg=e))
        forums = []
    else:
        forums = json.loads(forums_raw)

    # With the empty fallback list this call does nothing.
    get_links(self, forums)
    template_data["forums"] = forums